dev-resume

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from external checkpoint and PRD files. This creates an indirect prompt injection surface where malicious instructions embedded in a project's documentation could influence the agent's behavior during context restoration.
    • Ingestion points: The context-loader sub-agent reads checkpoint.md and referenced PRD files as instructed in SKILL.md Step 3.
    • Boundary markers: The agent uses structured extraction prompts and XML-style tags (e.g., <context>, <next_action>) to organize data parsing, though these provide logical rather than cryptographically secure separation.
    • Capability inventory: The skill possesses the ability to execute shell scripts (Git state, file discovery), read files, and list directory contents.
    • Sanitization: The skill employs a dedicated scripts/validate.sh utility that enforces path safety by preventing parent-directory traversal (..) and ensuring all accessed files are within the project's .dev/ directory.
  • [COMMAND_EXECUTION]: The skill executes a suite of local shell scripts for discovery and validation. These scripts are implemented following best practices, such as using the -- delimiter in grep to prevent user-supplied arguments from being interpreted as command flags.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 26, 2026, 10:53 PM